Procom

Procom

Toronto, ON

Security Analyst

Security Analyst

On behalf of our client in the Consulting Sector, PROCOM is looking for a Security Analyst.

Security Analyst – Job Description

Incident Response - info gathering and documentation

  • Host weekly Incident review meeting with DevOps
  • Document security incidents (in SF)
  • Update Monthly Customer Incident Summary (in confluence)

Third-party risk assessment

  • Conduct on-demand risk assessment request in SF
  • Document and maintain Approved Software List(s) in SF
  • Maintain RA repository in Sharepoint

Third-Party Risk monitoring

  • Monitor and report changes in third-party risk (with US-Cert as primary source for information) on daily basis
  • Investigate the items with potential impact with DevOps
  • Manage epics on the related action items

Security training

  • Onboarding security awareness training assignment and follow up

Weekly eventlog review

  • Prepare and generate reports
  • Host weekly eventlog review meeting with DevOps
  • Manage epics on the related action items

Security Alerts and Monitoring

  • Monitor security related dashboards & alerts from Symantec, Sophos, ThreatStack, Eset, Splunk, OpenDNS and any other subsidiary information system on daily basis
  • Investigate and respond
  • Generate summary reports

Monthly Privileged User access review

  • Manage the collection of privileged user assignment process with DevOps, HR and other critical system owners on monthly basis (scope limited to Hosted environment + corporate systems such as O365, SF, DNS) NOTE: information system in scope should match the scope for change management
  • Conduct monthly review with DevOps
  • Manage epics on the related action items

Application Vulnerability Management (NOTE: all products are included in scope)

  • Collect info on code scan (veracode) with SE on monthly basis. NOTE: scope on HIGH severity items
  • Collect info on application scan (qualys) on monthly basis.
  • Manage the annual manual PenTest process
  • Engagement: finalize scope and SOW
  • Preparation: setup site and credentials
  • Reporting: finalize reports for external audience (summary) + internal audience (details)
  • Document and manage the application vulnerability items (SF or confluence)

Monthly KPI

  • Collect and document KPI items

Assisting with on-going security projects

  • FedRAMP - documentation review
  • ISO - policy review
  • SOC2 artifact collection - follow-up with DevOps

Security Analyst – Mandatory Skills

  • 7 years of Security experience
  • Incident Response - info gathering and documentation
  • Third-party risk assessment and monitoring
  • Security training
  • Security Alerts and Monitoring
  • Monthly Privileged User access review
  • Application Vulnerability Management (NOTE: all products are included in scope)

Security Analyst – Nice to Have Skills

  • Security Certifications preferred

Security Analyst - Assignment Start Date

ASAP – 3 months to start

Security Analyst - Assignment Location

Toronto, ON – Work Remotely

Job Requirements